As we’ve discussed again and again, the numbers don’t lie. In 2021, there were 5.3 trillion attempted cyberattacks. At least $1.8 billion was lost to business email compromise attacks. The title industry is not immune to this threat. If anything, the industry’s access to and storage of NPI in combination with a relatively slow defensive response to the threat makes us a prime target.
The resulting reality in all of this is that cyber insurance is becoming part of the budget discussion for title companies. And while we’ve yet to meet a title professional who enjoys another cost—especially when it isn’t directly associated with a revenue center—we’ve also yet to meet a victim of a cyber attack who remains positive about his or her decision not to purchase a policy. Just like Multi Factor Authentication, cyber insurance is becoming a “must-have” in our industry.
So what is your monthly cyber insurance premium based on? We found a great article recently on the WatchGaurd website, which observed that five factors weigh on your policy. Those elements include sector. So, for example, a business that classifies as healthcare, technology, public administration or financial (and yes, title agents, you are in the financial services industry) is likely to see a higher premium as the result of the frequency of attacks in combination with the size of the associated costs of an attack.
The next factor is size. Obviously, the more devices, users and pathways to the Internet your organization has, the larger the threat. Similarly, geography (e.g. multi-nation workforce) and remote presence (WFH) can create conditions that are trickier to defend than the contained environment of a single office, and weigh on your policy as well.
Perhaps the biggest element determining a cyber insurance premium is company revenue. Even cyber insurers have their limits, but the higher a company’s revenue, the higher the maximum on losses covered (and the higher the premium). That said, like any other insurance policy, cyber security comes in many different flavors, some more expensive than other. But be sure of this: there are no policies available for businesses that cannot demonstrate they’ve implemented and are actively using some level of cybersecurity defense. Your McAfee anti-virus won’t be enough. Instead, you’ll need some level of endpoint protection and—we know you’ve seen this here before—the systemic and consistent use of MFA.
All of this is just a start, and we’ll come back to this topic again. For now, it’s probably time to get educated on the topic. While we, as an industry, are just now becoming aware of the very real threat of cybercrime, be assured that the most sophisticated of criminals are well aware of us, what we do, and who’s done the least to protect their data.